Merge in recent changes from OpenSSL_0_9_6-stable.

6 files changed, 7 insertions, 19 deletions

diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
index 3d824a07f5..d2db47e978 100644
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -37,25 +37,6 @@ and public exponent elements populated. It performs integrity checks on all
 the RSA key material, so the RSA key structure must contain all the private
 key data too.
 
-Unlike most other RSA functions, this function does B<not> work
-transparently with any underlying ENGINE implementation because it uses the
-key data in the RSA structure directly. An ENGINE implementation can
-override the way key data is stored and handled, and can even provide
-support for HSM keys - in which case the RSA structure may contain B<no>
-key data at all! If the ENGINE in question is only being used for
-acceleration or analysis purposes, then in all likelihood the RSA key data
-is complete and untouched, but this can't be assumed in the general case.
-
-=head1 BUGS
-
-A method of verifying the RSA key using opaque RSA API functions might need
-to be considered. Right now RSA_check_key() simply uses the RSA structure
-elements directly, bypassing the RSA_METHOD table altogether (and
-completely violating encapsulation and object-orientation in the process).
-The best fix will probably be to introduce a "check_key()" handler to the
-RSA_METHOD function table so that alternative implementations can also
-provide their own verifiers.
-
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
index ac6caf9baa..a673edba85 100644
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -69,6 +69,7 @@ to find out the reason.
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index 766f1876aa..8426310c0d 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -66,6 +66,7 @@ to find out the reason.
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut
diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod
index 7adf8adfed..d88a057def 100644
--- a/doc/ssl/SSL_set_connect_state.pod
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -49,6 +49,7 @@ information.
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
 L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
 
 =cut
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index dfa42e9aee..e013c12d52 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -65,6 +65,9 @@ When an SSL_write() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
 with the same arguments.
 
+When calling SSL_write() with num=0 bytes to be sent the behaviour is
+undefined.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 79b19d9eb1..2dcee0385a 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -682,6 +682,7 @@ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
 L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
 L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
 L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
 L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
 L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,